15 matches found
CVE-2015-7336
CVE-2015-7336 affects Lenovo System Update (ThinkVantage System Update). The vulnerability lies in SUService.exe, which creates a named pipe for system update services; an attacker could bypass the pipeline client identity signature and send arbitrary commands to the pipe when using Lenovo System...
CVE-2015-7334
Lenovo System Update (SUService.exe) local privilege escalation CVE-2015-7334 affects Lenovo System Update prior to and including version 5.07.0008, where the SUService.exe /type COMMAND path could allow an unprivileged user to execute arbitrary code with elevated privileges. The vulnerability ar...
CVE-2015-7335
The CVE-2015-7335 entry concerns a race condition in Lenovo System Update (ThinkVantage System Update) that could allow local privilege escalation on affected systems. Technical details across connected records indicate impact on Lenovo System Update versions up to 5.07.0008 and earlier, enabling...
CVE-2015-7333
CVE-2015-7333 is a local privilege escalation in Lenovo System Update (ThinkVantage System Update) prior to or including version 5.07.0008. The SUService.exe process handles system updates and accepts commands (type INF and INF_BY_COMPATIBLE_ID) that could be exploited to execute arbitrary code w...
CVE-2019-6175
CVE-2019-6175 affects Lenovo System Update prior to 5.07.0088. The issue allows writing configuration files to non‑standard locations, leading to a Denial of Service. Affected component: Lenovo System Update (Lenovo PS500271 advisories confirm the vulnerability and recommend upgrading to version ...
CVE-2022-4568
CVE-2022-4568 is described in the initial document as a directory permissions management vulnerability in Lenovo System Update that may allow elevation of privileges. The connected documents corroborate Lenovo-specific context and reference a Lenovo security advisory (LEN-103545) for remediation ...
CVE-2022-0354
Summary: CVE-2022-0354 targets Lenovo System Update. Affected: Lenovo System Update versions before 2022-02-25. Description from PT-2022-2221 indicates an issue during installation of a System Update package that displays a command prompt window, allowing a local user with interactive system acce...
CVE-2015-2219
Lenovo System Update (before 5.06.0034) contains a local privilege escalation due to predictable security tokens used to access the System Update named pipe SUservice.exe. The named pipe, \SUPipeServer, can be interacted with by normal users to inject commands as SYSTEM if a valid token is provid...
CVE-2023-4632
CVE-2023-4632 concerns Lenovo System Update. The vulnerability is an uncontrolled/search path vulnerability in Lenovo System Update that could let a local attacker execute code with elevated privileges due to an untrusted search path. Affected product is Lenovo System Update; root cause is the un...
CVE-2019-6163
The CVE-2019-6163 issue affects Lenovo System Update prior to version 5.07.0084. The vulnerability, a denial of service caused by the ability to write service log files to non-standard locations, is documented across NVD and Lenovo advisories. Remediation is to upgrade Lenovo System Update to ver...
CVE-2015-2233
Lenovo System Update (before 5.06.0034) is affected by CVE-2015-2233 due to improper validation of CA chains during signature validation. This allows a man-in-the-middle with a crafted certificate to upload and execute arbitrary files. Affected software is Lenovo System Update prior to 5.06.0034,...
CVE-2015-2234
CVE-2015-2234 affects Lenovo System Update (versions prior to 5.06.0034). The issue is a race/permission problem where the update files directory is world-writable, allowing a local attacker to replace an update file after signature validation and potentially escalate privileges. The Nessus/Kasp...
CVE-2015-6971
Summary of CVE-2015-6971 : Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows a local attacker to submit commands to the SUService.exe and escalate privileges by launching signed Lenovo executables. The root cause is flaws in the security token authentication proce...
CVE-2018-9063
CVE-2018-9063 affects Lenovo System Update’s MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe). Versions prior to 5.07.0072 contain a local buffer overflow by entering very large user ID or password, leading to undefined behavior and potential arbitrary code execution. The exploit is loca...
CVE-2020-8342
CVE-2020-8342 impacts Lenovo System Update prior to version 5.07.0106, describing a race condition that could allow privilege escalation. Lenovo’s Lenovo PS500347 advisory and CNVD/NVD entries align on the same vulnerability and provide a remediation: upgrade to 5.07.0106 or newer. Other connecte...